User attributes

Similar Messages

• How to get user attributes from LDAP authenticator

  I am using an LDAP authenticator and identity asserter to get user / group information.
  I would like to access LDAP attributes for the user in my ADF Taskflow (Deployed into webcenter spaces).
  Is there an available api to get all the user attributes through the established weblogic authenticator provider or do i have to directly connect to the LDAP server again?
  Any help would be appreciated

  Hi Julián,
  in fact, I've never worked with BSP iViews and so I don't know if there is a direct way to achieve what you want. Maybe you should ask within BSP forum...
  A possibility would be to create a proxy iView around the BSP iView (in fact: before the BSP AppIntegrator component) which reads the user names and passes this as application params to the BSP component. But this is
  Beginner
  Medium
  Advanced
  Also see http://help.sap.com/saphelp_nw04/helpdata/en/16/1e0541a407f06fe10000000a1550b0/frameset.htm
  Hope it helps
  Detlev

• How can i pass the logged in user attribute value into looku query ?

  HI,
  Is there any way to pass loggined in user attribute vallue to lookup query directrely in AD Child Group form.(Like '$Form data.UD_ADUSER_AD')
  Thanks in advance
  Edited by: 790561 on 5/12/2011 16:01

  loggined in user attribute vallue can be understood differently:
  - A requester raising a request and you want *Requestor's ID" there.
  - An approver logging in to the system for doing approvals.
  - A System admin logged in to the system for managing the *Forms, Requests' etc
  All the above cases are different and you would expect different values for all. If you requirement was the Requester then
  1) Either create a hidden attribute in the Process Form and pre-populate it from the Request Form. In your query use *$Form data.UD_ADUSER_DUMMYREQID')*
  2) Or directly capture the *$Requester Information.User Login$* attribute in the process form and do manipulations

• How to Sync User attributes between local forests?

  Hi
  We are currently migrating three AD domains to one.
  We are migrating users and distrubution groups with ADMT to the new domain, and stating to move services to the new domain. starting with sharepoint.
  But for some time, some services will remain in the three old domains. To avoid maintaining user attributes like phonenumber, address etc multiple places, I would like to schedule a sync of some user attributes from the old domains to the
  new.
  Just like DirSync between a local directory to office 365 - but how is it done with local domains and not with office365?
  So if a helpdesk user is updating a users phonenumber i one of the three old AD, it should be synced to the new domain after. I would like to run this as a schedule task every 15 minute or so.
  ADMT is like a one time migrating tool to create the users in the new domain, but I can't see that it will support user attribute
  synchronisation.
  Do you have any suggention on how I can solve this task?
  Best Regards, Steffen. 

  ADMT is like a one time migrating tool to create the users in the new domain, but I can't see that it will support user attribute
  synchronisation.
  I am not sure about the schedule task and if it is available to use in this scenario or not. You have two different security boundaries, so it is not easy as setting up a scheduled task to sync data. Even if it is possible, it would be very hard to established.
  For selected users you have to define what to sync and what not to sync and etc.
  I believe on of the things you can do is to use FIM 2010 in order to have a synchronized directory. That is the best thing you can do AFAIK.
  Sync Users between domains with Forefront 2010
  Mahdi Tehrani   |  
    |  
  www.mahditehrani.ir
  Please click on Propose As Answer or
  to mark this post as
  and helpful for other people.
  This posting is provided AS-IS with no warranties, and confers no rights.

• How to do the new created field in User Attributes, show in Manager GTC

  Hello Guys,
  I have a Connector GTC working perfectly. Now I created a new field in User Attributes and I need make this field appear in "Modify Connector Configuration" of "Manage Generic Connector" without having to create a new Connector.
  If I create a new Connector this field is showed normally, but this connector has a lot of mapping between the existing fields, I need only that a new field is displayed.
  How to I do this?
  Thanks

  Not sure what version of OIM you are using but check Bug: 12812650
  -Bikash

• Report on Active Directory User Attributes in SCCM 2012

  I need to output a list of all users in a collection, along with certain user attributes from Active Directory. I can get part of what I need with the following query:
  SELECT v_FullCollectionMembership.ResourceID,
  v_R_User.Windows_NT_Domain0,
  v_R_User.Distinguished_Name0,
  v_R_User.Full_User_Name0,
  v_R_User.Mail0,
  v_R_User.User_Name0
  FROM v_FullCollectionMembership, v_R_User
  WHERE v_FullCollectionMembership.ResourceID = v_R_User.ResourceID
  AND v_FullCollectionMembership.CollectionID = 'SMS00002'
  If possible I need to add:
  Last logon timestamp
  User account status (enabled or disabled)
  I have added "lastLogon" and "lastLogonTimestamp" as additional attributesunder Active Directory User Discovery. This discovery method is enabled and I have run a full discovery about a month ago, and again today. I read in
  another thread that these attributes should appear in the table v_R_User, however they have not. Is v_R_User the right place to look for this or is there another view or table I can query?
  Once I have the above sorted out, how can I find the user account status in SCCM? I have done reports in the past directly from AD and used the 'useraccountcontrol' attribute and I noticed there is a column named 'User_Account_Control0' in v_R_User, however
  the values do not match those found in Active Directory.
  Thanks.

  Have you checked the attribute from the Active Directory in decimal format? Check that and compare it to the value ConfigMgr has stored in its 'User_Account_Control0'...
  User Account Control tells you multiple things of the account, for example does the account have "Smart card login required" -option checked from the account properties.
  The tricky part here is to actually get the report show you what you really want, because "useraccountcontrol" -attribute is a numeric value, you have to calculate what decimal combination means what in readable text.
  More info on the attribute can be found from here
  http://support.microsoft.com/kb/305144 and from there you can also find the values for different settings. For example:
  account is enabled = 512
  account is disabled = 514
  account is enabled with smart card = 262656

• OIF11g - Help on sending user attributes in HTTP header

  Hello, I have a OIF11g setup configured for both IdP and SP. Upon successfull authentication against LDAP, I need to end some user attributes on the HTTP header to the SP application. I do no have OAM in my setup, so there is no option of Webgate or Policy Manager to do that. As far as I read the config doc, I'm in the impression that we need to write a custom authentication engine to accept user credentials and code to authenticate against LDAP and also add attributes to the response header.
  Before I go down that path, just wanted to confirm if anybody has done this with OIF?
  Thanks,
  Sunil.

  Bernhard:
  Actually the headers are not set to null. I have an intermediate index.jsp page which is the first page that is redirected to by the AM - it is this page which calls my LoginServlet.
  The value appears consistently on this index.jsp page but after it is forwarded to the LoginServlet it starts behaving inconsistently. I check the system.out log in my websphere /logs folder and that tells me that LoginServlet does not consistenly get these values from the header.
  The wierd part is that if I use cookies or attributes, it works perfectly - each time every time. However, only in the case of headers (which is the method i am required to do) it behaves inconsistently.
  ANY feedback/help on this would be really appreciated bern.. thanks..
  ~saahil

• All the steps involved in creating user attributes

  where is it documented on how to create user attributes that are stored in the ldap?
  I created a jspprovider channel, and I can get data out of the user attributes in the samplecontent.jsp by:
  JSPProvider p = (JSPProvider)pageContext.getAttribute("JSPProvider");
  SSOTokenManager mgr = SSOTokenManager.getInstance();
  SSOToken token = mgr.createSSOToken(request);
  AMStoreConnection dpc = new AMStoreConnection(token);
  String name = token.getPrincipal().getName();
  AMUser user = dpc.getUser(name);
  Map attMap = user.getAttributes();
  Collection valueCollection = attMap.values();
  Iterator valueIterator = valueCollection.iterator();
  int iSize = attMap.size();
  Set attKeySet = attMap.keySet();
  Iterator keyIterator = attKeySet.iterator();
  and then iterate through to display them all.
  I then tried to store a value using the sampledoedit.jsp file:
  JSPProvider p = (JSPProvider)pageContext.getAttribute("JSPProvider");
  SSOTokenManager mgr = SSOTokenManager.getInstance();
  SSOToken token = mgr.createSSOToken(request);
  AMStoreConnection dpc = new AMStoreConnection(token);
  String name = token.getPrincipal().getName();
  AMUser user = dpc.getUser(name);
  String aname = request.getParameter("attributeName");
  Object aval = request.getParameter("attributeValue");
  HashMap attMap = new HashMap();
  attMap.put(aname,aval);
  user.setAttributes(attMap);
  user.store(true);
  response.sendRedirect((String)pageContext.getAttribute("url"));
  For whatever reason, I get an error, and in the debug I just get couldn't set attributes.
  Then, when I try to retreive the list of attributes, the new name/value pair is created, but the value is blank.....
  Any ideas? Or a link on a step by step process on how to create user attributes?

  BTW, here is the error I get in the debug log:
  01/06/2005 12:43:47:232 PM AST: Thread[service-j2ee,5,main]
  ERROR: DesktopServlet.handleException()
  com.sun.portal.providers.ProviderException: JSPProvider.processJSPFile(): jsp=doedit.jsp, com.sun.portal.providers.ProviderException: JSPProvider.processJSPFile(): jsp=sampledoedit.jsp, com.iplanet.am.sdk.AMException: Unable to set attribute(s) com.sun.portal.desktop.taglib.DesktopTaglibException: JSPProvider.processJSPFile(): jsp=sampledoedit.jsp,
  at com.sun.portal.providers.jsp.JSPProvider.processJspFile(JSPProvider.java:880)
  at com.sun.portal.providers.jsp.JSPProvider.processJspFile(JSPProvider.java:777)
  at com.sun.portal.providers.jsp.JSPProvider.processEdit(JSPProvider.java:673)
  at com.sun.portal.desktop.DesktopServlet.doGetPost(DesktopServlet.java:644)
  at com.sun.portal.desktop.DesktopServlet.service(DesktopServlet.java:320)
  at javax.servlet.http.HttpServlet.service(HttpServlet.java:908)
  at org.apache.catalina.core.StandardWrapperValve.invokeServletService(StandardWrapperValve.java:771)
  at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:322)
  at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:509)
  at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:212)
  at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:509)
  at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:209)
  at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:509)
  at com.iplanet.ias.web.connector.nsapi.NSAPIProcessor.process(NSAPIProcessor.java:161)
  at com.iplanet.ias.web.WebContainer.service(WebContainer.java:586)
  com.sun.portal.providers.ProviderException: JSPProvider.processJSPFile(): jsp=sampledoedit.jsp, com.iplanet.am.sdk.AMException: Unable to set attribute(s) com.sun.portal.desktop.taglib.DesktopTaglibException: JSPProvider.processJSPFile(): jsp=sampledoedit.jsp,
  at com.sun.portal.desktop.taglib.provider.ProcessEditTag.doStartTag(ProcessEditTag.java:28)
  at jsps.etc._opt._SUNWps._desktop._AnyWarePortal_en_CA._JSPEditContainer._html._doedit_jsp._jspService(_doedit_jsp.java:193)
  at com.sun.portal.providers.jsp.jasper3.jasper.runtime.HttpJspBase.service(HttpJspBase.java:119)
  at javax.servlet.http.HttpServlet.service(HttpServlet.java:908)
  at com.sun.portal.providers.jsp.JspServletWrapper.service(JspServletWrapper.java:182)
  at com.sun.portal.providers.jsp.JSPProvider.processJspFile(JSPProvider.java:863)
  at com.sun.portal.providers.jsp.JSPProvider.processJspFile(JSPProvider.java:777)
  at com.sun.portal.providers.jsp.JSPProvider.processEdit(JSPProvider.java:673)
  at com.sun.portal.desktop.DesktopServlet.doGetPost(DesktopServlet.java:644)
  at com.sun.portal.desktop.DesktopServlet.service(DesktopServlet.java:320)
  at javax.servlet.http.HttpServlet.service(HttpServlet.java:908)
  at org.apache.catalina.core.StandardWrapperValve.invokeServletService(StandardWrapperValve.java:771)
  at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:322)
  at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:509)
  at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:212)
  at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:509)
  at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:209)
  at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:509)
  at com.iplanet.ias.web.connector.nsapi.NSAPIProcessor.process(NSAPIProcessor.java:161)
  at com.iplanet.ias.web.WebContainer.service(WebContainer.java:586)
  com.sun.portal.providers.ProviderException: JSPProvider.processJSPFile(): jsp=sampledoedit.jsp, com.iplanet.am.sdk.AMException: Unable to set attribute(s)
  at com.sun.portal.providers.jsp.JSPProvider.processJspFile(JSPProvider.java:880)
  at com.sun.portal.providers.jsp.JSPProvider.processJspFile(JSPProvider.java:777)
  at com.sun.portal.providers.jsp.JSPProvider.processEdit(JSPProvider.java:673)
  at com.sun.portal.desktop.taglib.provider.ProcessEditTag.doStartTag(ProcessEditTag.java:26)
  at jsps.etc._opt._SUNWps._desktop._AnyWarePortal_en_CA._JSPEditContainer._html._doedit_jsp._jspService(_doedit_jsp.java:193)
  at com.sun.portal.providers.jsp.jasper3.jasper.runtime.HttpJspBase.service(HttpJspBase.java:119)
  at javax.servlet.http.HttpServlet.service(HttpServlet.java:908)
  at com.sun.portal.providers.jsp.JspServletWrapper.service(JspServletWrapper.java:182)
  at com.sun.portal.providers.jsp.JSPProvider.processJspFile(JSPProvider.java:863)
  at com.sun.portal.providers.jsp.JSPProvider.processJspFile(JSPProvider.java:777)
  at com.sun.portal.providers.jsp.JSPProvider.processEdit(JSPProvider.java:673)
  at com.sun.portal.desktop.DesktopServlet.doGetPost(DesktopServlet.java:644)
  at com.sun.portal.desktop.DesktopServlet.service(DesktopServlet.java:320)
  at javax.servlet.http.HttpServlet.service(HttpServlet.java:908)
  at org.apache.catalina.core.StandardWrapperValve.invokeServletService(StandardWrapperValve.java:771)
  at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:322)
  at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:509)
  at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:212)
  at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:509)
  at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:209)
  at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:509)
  at com.iplanet.ias.web.connector.nsapi.NSAPIProcessor.process(NSAPIProcessor.java:161)
  at com.iplanet.ias.web.WebContainer.service(WebContainer.java:586)
  com.iplanet.am.sdk.AMException: Unable to set attribute(s)
  at com.iplanet.am.sdk.AMDirectoryManager.processInternalException(AMDirectoryManager.java:247)
  at com.iplanet.am.sdk.AMDirectoryManager.setAttributes(AMDirectoryManager.java:2151)
  at com.iplanet.am.sdk.AMCacheManager.setAttributes(AMCacheManager.java:867)
  at com.iplanet.am.sdk.AMObjectImpl.store(AMObjectImpl.java:1573)
  at jsps.etc._opt._SUNWps._desktop._AnyWarePortal_en_CA._WebFolders._html._sampledoedit_jsp._jspService(_sampledoedit_jsp.java:118)
  at com.sun.portal.providers.jsp.jasper3.jasper.runtime.HttpJspBase.service(HttpJspBase.java:119)
  at javax.servlet.http.HttpServlet.service(HttpServlet.java:908)
  at com.sun.portal.providers.jsp.JspServletWrapper.service(JspServletWrapper.java:182)
  at com.sun.portal.providers.jsp.JSPProvider.processJspFile(JSPProvider.java:863)
  at com.sun.portal.providers.jsp.JSPProvider.processJspFile(JSPProvider.java:777)
  at com.sun.portal.providers.jsp.JSPProvider.processEdit(JSPProvider.java:673)
  at com.sun.portal.desktop.taglib.provider.ProcessEditTag.doStartTag(ProcessEditTag.java:26)
  at jsps.etc._opt._SUNWps._desktop._AnyWarePortal_en_CA._JSPEditContainer._html._doedit_jsp._jspService(_doedit_jsp.java:193)
  at com.sun.portal.providers.jsp.jasper3.jasper.runtime.HttpJspBase.service(HttpJspBase.java:119)
  at javax.servlet.http.HttpServlet.service(HttpServlet.java:908)
  at com.sun.portal.providers.jsp.JspServletWrapper.service(JspServletWrapper.java:182)
  at com.sun.portal.providers.jsp.JSPProvider.processJspFile(JSPProvider.java:863)
  at com.sun.portal.providers.jsp.JSPProvider.processJspFile(JSPProvider.java:777)
  at com.sun.portal.providers.jsp.JSPProvider.processEdit(JSPProvider.java:673)
  at com.sun.portal.desktop.DesktopServlet.doGetPost(DesktopServlet.java:644)
  at com.sun.portal.desktop.DesktopServlet.service(DesktopServlet.java:320)
  at javax.servlet.http.HttpServlet.service(HttpServlet.java:908)
  at org.apache.catalina.core.StandardWrapperValve.invokeServletService(StandardWrapperValve.java:771)
  at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:322)
  at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:509)
  at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:212)
  at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:509)
  at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:209)
  at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:509)
  at com.iplanet.ias.web.connector.nsapi.NSAPIProcessor.process(NSAPIProcessor.java:161)
  at com.iplanet.ias.web.WebContainer.service(WebContainer.java:586)

• Accessing user attributes from a pipeline component

  Hello,
  I'm using WLCS & WLPS 3.1. I use webflow and I have implemented the page
  transition myself to work with the portal. Everything is working fine.
  I'm planning to implement a complex step of a business process as a pipeline
  component. For various reasons, this PC will be implemented as an EJB. To
  perform its job, this PC needs to get information about the user that is
  currently logged in. More specifically, it needs to lookup custom attributes
  from the user profile (i.e. user property set).
  So my question is : is this possible directly from the PC, or do I have to
  populate the pipeline session with required information in the input
  processor?
  Thank you for your advice
  Nicolas

  Hello Ture,
  Thanks for both posts.
  Nicolas
  "Ture Hoefner" <[email protected]> wrote in message
  news:[email protected]..
  ... To perform its job, this PC needs to get information about the userthat
  is
  currently logged in. More specifically, it needs to lookup customattributes
  from the user profile (i.e. user property set).
  So my question is : is this possible directly from the PC, or do I haveto
  populate the pipeline session with required information in the input
  processor?Hello Nicolas,
  I have not tried this myself. I think that the disconnect between the
  pipeline session and the portal session is probably the fact that theattributes
  in the portal session have their keys "fixed up" by prepending the portal
  request URI. This is made possible by the
  com.beasys.commerce.foundation.flow.jsp.DefaultDestinationDeterminer,which the
  PortalDestinationDeterminer extends. It puts a "TRAFFIC.URI" attributeinto the
  each request that goes through the FlowManagerServlet for the portal. Inthe
  Acme exampleportal, the "SERVICEMANAGER.USER" attribute is put into theportal
  HttpSession as "exampleportal.SERVICEMANAGER.USER".
  If you want to get to the cached profile from your portal from yourpipeline
  component (PC) then you would have to know that the name is "fixed up" tobe
  "exampleportal.CACHED_PROFILE". There are probably several different waysyou
  could get the "TRAFFIC.URI" information to your PC.
  Ture Hoefner
  BEA Systems, Inc.
  2590 Pearl St.
  Suite 110
  Boulder, CO 80302
  www.bea.com

• How to access custom ume user attributes via VC?

  Hi guys,
  I configured a custom user attribute within the ume configuration:
  <a href="http://help.sap.com/saphelp_nw2004s/helpdata/de/44/0316d50bbe025ce10000000a1553f7/frameset.htm">Adding Custom Attributes to the User Profile</a>
  Now, how can I access this attribute within my VC model (user data)?
  Thanks for your ideas
  Benny

  Hi,
  Regarding adding properties to user data control, i have the following information. But i am not sure, whether it will be helpful to you.
  You can add a personalise property/User mapping property into a user data control.
  Drag a User data component, go to configure and click the + sign at the bottom of User parameters.
  You can add any personalised properties to the user data (with valid data types and allowed values). Then can use the property in any formula.
  When iView is opened in portal, the personalise property of that particular iView is used to change the property value
  Hope it helps.
  Regards,
  Sooraj

• OIM 11g: UDF disappears from User Attributes page

  Hi,
  I was modifying a user defined attribute using the 11.1.1.3 User Attributes configuration page. All I did was change its category to move it to another section of the user profile page. The last remaining field in the category 'disappeared'. It just went from the list of fields in the category. The field still exists on the USR object and still contains all the values. But it's gone from the UI.
  I exported the /file/User.xml from MDS and sure enough the missing attribute is not present in the User.xml file. It is there for the mapping to the back end column, and in another element. But the element that describes the field proper is not there. I've since added the attribute element back in manually and re-imported the metadata using the weblogic environment manager, but the field still does not appear.
  So, my question is does anybody know where else OIM stores the attribute details? Is it in the DB somewhere and merely mirrored in the MDS? What do I need to do to restore the field? (I can't add it in because it says it already exists.)
  Thanks

  PeachEye,
  I was unable to see the UDF's I had created on the user form until I set up a policy for them. Please check the policy around the UDF's.
  I am hoping this can help you.
  From Oracle documentation:
  User's Guide for Oracle Identity Manager
  11g Release 1 (11.1.1)
  E14316-03
  User-defined fields (UDFs) can be added by creating a policy and
  adding attributes in the self service user management
  administration policy in Oracle Identity Administration. To add
  the User defined attributes for view or modification under the
  Attributes tab, these UDFs need to be added to the modify user
  data set for self-service. Also, a custom policy needs to be created
  under self service user management to grant permission to view
  and/or modify these attributes.
  For details on authorization policies, refer "Creating and Managing
  Authorization Policies" on page 15-2.

• Updating values dynamically in an user attribute which is lookup field

  Hi All,
  Can I have a pre process event handler to update the values in the lookup field on my create user page? I have two user attributes - one is the default organization and the other is a user created Country attribute. Both of these are Lookup fields. I want to update the country lookup field by checking what is selected in the organization lookup field. Is this possible in OIM?
  Not sure if pre process event handler is the way to go but this is what I want to achieve. Can anybody guide me regarding the same?
  Thanks,
  $id

  OK, here's my shot at a walkthrough... let me know if I missed any steps.
  1. From your original post, you are using two lookup fields. I'm use a base VM for testing, so I needed to create two. I went with City and State (I know they are OOB, but this is just an example).
  - Created Lookup.Custom.City and Lookup.Custom.State Samples:
  Lookup.Custom.City
  Code Key-Decode
  Miami-Florida
  Orlando-Florida
  New Orleans-Louisiana
  Lookup.Custom.State
  Code Key-Decode
  Florida-Florida
  Lousiana-Louisiana
  - Creating Custom UDF Attributes: Advanced->User Configuration->Actions->User Attributes (LOV's)
  -- Office City and Office State
  2. Use weblogicExportMetadata.sh to export /metadata/iam-features-requestactions/model-data/CreateUserDataSet.xml
  3. Edit CreateUserDataSet.xml to add:
  <AttributeReference name="Office State" attr-ref="Office State" available-in-bulk="false" type="String" length="20" widget="lookup" lookup-code="Lookup.Custom.State" required="false" mls="false"/>
  <AttributeReference name="Office City" attr-ref="Office City" type="String" length="30" widget="lookup-query" available-in-bulk="false">
  <lookupQuery lookup-query="select City.LKV_ENCODED as City from (Select LKV_ENCODED , LKV_DECODED  from LKU LKU, LKV LKV where lku_type_String_key = 'Lookup.Custom.City' and lku.lku_key = lkv.lku_key) City, (Select LKV_ENCODED, LKV_DECODED from LKU LKU, LKV LKV where lku_type_String_key = 'Lookup.Custom.State' and lku.lku_key = lkv.lku_key and lkv_decoded='$Form Data.Office State') State where State.LKV_ENCODED = City.LKV_DECODED order by City" display-field="City" save-field="City"/>
  </AttributeReference>4. Use weblogicImportMetadata.sh to import CreateUserDataSet.xml
  5. Run ./PurgeCache ALL (same directory)
  6. Go to request - create user (this example is for request based provisioning)
  7. If all went ok, when you select State, let's say Florida, then when you then click on city lookup, you will only see Orlando and Miami. If you toggle the state to Louisiana, you'll need to click search again on city and New Orleans should be the only one that comes up.

• Inject User Attributes into SAML Credential Mapper V2 Assertions

  We are using SAML CMV2 on 10.0 MP1 and we would like to add user attributes in SAML assertions '<attributestatement>'.
  How do we inject attribute statements in assertions?
  [url http://e-docs.bea.com/wls/docs100/dvspisec/credmap.html]
  AT:
  - Do You Need to Develop a Custom Credential Mapping Provider?
  - 3rd paragraph, 4th sentence...
  States that the AttributeStatement can be configured to house user information. I have looked all over on how I can 'configure' the SAMLCMV2 to inject the user info we want (DN, favorite color, anything).
  Any input would be great,
  Thanks!
  Edited by dejavuuuuu at 03/18/2008 5:57 AM
  Edited by dejavuuuuu at 03/18/2008 5:59 AM

  Looks like it is not available in Weblogic 10 MP1 and we might have to wait for 10.3 where you get the SAMLCredentialAttributeMapper.
  http://edocs.bea.com/wls/docs100/javadocs/weblogic/security/providers/saml/SAMLCredentialAttributeMapper.html

• User attributes checked by Delta Discovery in SCCM 2012

  Hi All,
  Since I simply cannot find an answer to my question using google, will ask it here and hope you can help me.
  Which EXACT User attributes does Delta Discovery check for in SCCM 2012? Is it possible to manipulate this, and add one more attribute?
  Microsoft's answer to this question is a simple: Basic User Information, but that not an exact answer.
  Here is the deal. We updated the extensionAttribute12 with computernames, so that we know what the primary device for a User is (I know this feature is present in CM12, but we will not use it for reasons). This information will be collected by User Discovery
  and by using a nested query in the device collection, the Primary device will be added to it. This works like a charm, the only issue is time. We need that value to be checked by delta discovery if it has been changed, however this only works with FULL discovery
  which is set to 1 week. If I lower this value that might cause serious backlogs, as the jobs get piled up in the inboxes due to the large amount of DDR files. Is there anything we can do? Powershell script, a configuration file in CM12 for delta discovery
  or something. We really don't what to set the User discovery to run a FULL scan every 4 hours or so, as I don't know what would happen when checking for 24k Users.
  Thank you in advance for any sort of feedback!
  Regards,

  Hi,
  Well, I checked the attribute if its replicated to the GC and according to this line isMemberOfPartialAttributeSet: TRUE it does. Will run a test again with delta discovery, and if that failes, will try to change the SystemFlag on it.
  dn:CN=ms-Exch-Extension-Attribute-12,CN=Schema,CN=Configuration
  >objectClass: top
  >objectClass: attributeSchema
  >cn: ms-Exch-Extension-Attribute-12
  >distinguishedName: CN=ms-Exch-Extension-Attribute-12,CN=Schema,CN=Configuration
  >instanceType: 4
  >whenCreated: 20050715092317.0Z
  >whenChanged: 20110528160036.0Z
  >uSNCreated: 6155
  >attributeID: 1.2.840.113556.1.2.600
  >attributeSyntax: 2.5.5.12
  >isSingleValued: TRUE
  >rangeLower: 1
  >rangeUpper: 2048
  >mAPIID: 35928
  >uSNChanged: 6155
  >showInAdvancedViewOnly: TRUE
  >adminDisplayName: ms-Exch-Extension-Attribute-12
  >adminDescription: ms-Exch-Extension-Attribute-12
  >oMSyntax: 64
  >searchFlags: 16
  >lDAPDisplayName: extensionAttribute12
  >name: ms-Exch-Extension-Attribute-12
  >objectGUID: {5AC9437E-18AE-4EE6-909B-94CC1B6EF1C5}
  >schemaIDGUID: {167757F7-47F3-11D1-A9C3-0000F80367C1}
  >attributeSecurityGUID: {E48D0154-BCF8-11D1-8702-00C04FB96050}
  >isMemberOfPartialAttributeSet: TRUE
  >objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration
  >dSCorePropagationData: 16010101000000.0Z
  >msDS-IntId: -1992421057

• Problem in  maintain attributes for position in maintain user attributes

  Hi All ,
  I am facing a problem in Maintain User Attributes
  I should get only 5 values for any user in attributes dropdown of attributes for position
  But for some users I am getting as 10 values
  and for some users I am getting it as 20 values ..
  What my doubt is
  will it be based on role dependency or anyother one ..
  Pls let me know if u have any idea ..
  Thanks
  Kumar

  Hello,
  The ability of changing attributes via User settings depends on the role
  assigned to the user and whether this role has the appropriate rights to
  change the attributes.
  In this regard, check the customizing below:
  SRM -> SRM Server -> Cross Application Basic Settings -> Roles ->
  Maintain Attribute Access Rights by Role.
  Here you define which parameter can be changed depending on the role
  assigned to user in question.
  Regards,
  Ricardo

• Problems in setting user attributes using amclientsdk

  Hi,
  I am trying to set user attributes using amclientsdk. I am using the below mentioned piece of code for the same:
  AMIdentity idn = new AMIdentity(auth1.getSSOToken());
  Set s = new HashSet();
  s.add("cn=adviser,dc=axa,dc=au");
  Map roleMap = new HashMap();
  String userRoleKey = "nsRole";
  roleMap.put(userRoleKey,s);
  amIdObj.setAttributes(roleMap);
  amIdObj.store();
  The AMIdentity type is USER. The environment is Linux and I have amclientsdk.jar in my classpath. When I run the above piece of code then I get the following exception:
  Exception in thread "main" java.lang.ExceptionInInitializerError
  at com.sun.identity.idm.plugins.ldapv3.LDAPv3Repo.checkConnPool(LDAPv3Repo.java:4516)
  at com.sun.identity.idm.plugins.ldapv3.LDAPv3Repo.addListener(LDAPv3Repo.java:1051)
  at com.sun.identity.idm.server.IdServicesImpl.getAllConfiguredPlugins(IdServicesImpl.java:2490)
  at com.sun.identity.idm.server.IdServicesImpl.getFullyQualifiedNames(IdServicesImpl.java:209)
  at com.sun.identity.idm.server.IdCachedServicesImpl.getFullyQualifiedNames(IdCachedServicesImpl.java:588)
  at com.sun.identity.idm.AMIdentity.getFullyQualifiedNames(AMIdentity.java:1162)
  at com.sun.identity.idm.AMIdentity.equals(AMIdentity.java:1091)
  at com.sun.identity.delegation.DelegationEvaluator.isAllowed(DelegationEvaluator.java:140)
  at com.sun.identity.idm.server.IdServicesImpl.checkPermission(IdServicesImpl.java:2906)
  at com.sun.identity.idm.server.IdServicesImpl.setAttributes(IdServicesImpl.java:1402)
  at com.sun.identity.idm.server.IdCachedServicesImpl.setAttributes(IdCachedServicesImpl.java:467)
  at com.sun.identity.idm.AMIdentity.store(AMIdentity.java:457)
  at ProcessAuth.main(ProcessAuth.java:131)
  Caused by: java.util.MissingResourceException: Can't find bundle for base name amLDAPv3Repo, locale en_US
  at java.util.ResourceBundle.throwMissingResourceException(ResourceBundle.java:836)
  at java.util.ResourceBundle.getBundleImpl(ResourceBundle.java:805)
  at java.util.ResourceBundle.getBundle(ResourceBundle.java:576)
  at com.iplanet.am.util.Locale.getInstallResourceBundle(Locale.java:255)
  at com.sun.identity.idm.plugins.ldapv3.LDAPv3Bundle.<clinit>(LDAPv3Bundle.java:56)
  ... 13 more
  Any help on this would be greatly appreciated !

  Thanks for a response Aaron !
  Probelm is I am not even able to set nsroledn attribute using amIdentity's store() method. I am able to set other attributes using store() but not these role related attributes.